On April 28, the Securities and Exchange Commission (SEC) Division of Investment Management (the “Division”) published a Guidance Update setting forth cybersecurity concerns and advice for the registered investment companies and investment advisers it regulates. This is the most recent instance of the SEC’s continued focus on cybersecurity. Cybersecurity was highlighted in the spring of 2014 as part of the National Exam Program (NEP) Examination Priorities released by the SEC’s Office of Compliance Inspections and Examinations (OCIE). OCIE’s cybersecurity priorities were discussed in more detail in the SEC’s Compliance Outreach Program, which highlighted compliance-related issues that should be addressed by compliance officers and other senior executives of investment funds and advisers. Subsequently, in February of this year, the OCIE issued a Risk Alert following sweep exams conducted to analyze cybersecurity threats faced by investment advisers and broker-dealers. The results increased the SEC staff’s concern regarding preparation of investment advisers for cybersecurity threats, especially as compared to that of broker-dealers.
The Division is now providing practical advice and specific measures that funds and advisers can implement in order to better prepare for the barrage of cybersecurity threats facing funds and all companies on a daily basis.
Click here to read the full alert.